Compare commits

...

17 commits

Author SHA1 Message Date
7bfa3bc807 add kbs settings patch file 2022-12-20 12:45:54 -08:00
finn
215952a8dd add aarch64-apple-darwin target 2022-09-13 15:58:03 -07:00
finn
75a6299076 update inexplicably different darwin hash 2022-08-22 15:50:44 -07:00
finn
ebf97bd571 fix checkout version 2022-08-22 15:50:44 -07:00
finn
abfe60edbe modify websocket receive callback to allow indicating the message was not saved and should be re-delivered 2022-08-22 15:50:44 -07:00
d6cde14350 add musl hashes 2022-07-31 13:07:24 -07:00
5173711b10 fix hashes 2022-07-31 13:05:31 -07:00
186d7ec602 add x86_64-unknown-linux-musl target 2022-07-31 12:55:47 -07:00
finn
e1382092d3 update to unofficial_50 2022-06-16 15:53:26 -07:00
61b3239300 fix patch 2022-04-26 17:28:29 -07:00
0fab195157 update to unofficial_47 2022-04-26 17:25:45 -07:00
finn
41951d0a43 update to unofficial_46 2022-04-06 13:39:50 -07:00
finn
19f6df8197 add verification metadata for osx 2022-03-21 19:06:14 -07:00
finn
5330f94872 fix variable name in template 2022-03-21 18:59:33 -07:00
finn
fec6f65b2b Update to unofficial_45 2022-03-21 18:58:14 -07:00
finn
448b6ae3c9 update how the tag is checked out 2022-01-24 18:55:46 -08:00
4bc11f17a0 update to unofficial_38
some slightly different patching requirements
2022-01-24 18:52:38 -08:00
7 changed files with 280 additions and 53 deletions

View file

@ -2,18 +2,14 @@ stages:
- build
variables:
version: "v2.15.3_unofficial_34"
version: "v2.15.3_unofficial_50"
GRADLE_OPTS: -Dorg.gradle.daemon=false
build:
image: gradle:7.2
image: gradle:7.4
stage: build
script:
- git clone https://github.com/Turasa/libsignal-service-java
- cd libsignal-service-java && git checkout "$version"
- git config user.email nobody@signald.org && git config user.name signald
- git am ../libsignal-service-java.patch
- gradle assemble publish
- ./build.sh
parallel:
matrix:
- TARGET:
@ -22,15 +18,15 @@ build:
- arm-unknown-linux-gnueabihf
- armv7-unknown-linux-gnueabihf
- x86_64-unknown-linux-gnu
- x86_64-unknown-linux-musl
build x86_64-apple-darwin:
build darwin:
stage: build
tags: [darwin-builder]
script:
- git clone https://github.com/Turasa/libsignal-service-java
- cd libsignal-service-java && git checkout "$version"
- git config user.email nobody@signald.org && git config user.name signald
- git am ../libsignal-service-java.patch
- ./gradlew assemble publish
variables:
TARGET: x86_64-apple-darwin
- ./build.sh
parallel:
matrix:
- TARGET:
- x86_64-apple-darwin
- aarch64-apple-darwin

11
build.sh Executable file
View file

@ -0,0 +1,11 @@
#!/bin/bash
set -exuo pipefail
git clone -b "${version}" https://github.com/Turasa/libsignal-service-java.git
cd libsignal-service-java
git config user.email nobody@signald.org
git config user.name signald
git am ../libsignal-service-java.patch
git am ../update-kbs-settings.patch
python3 ../update-verification-metadata.py
git diff --color=always
gradle assemble publish || (gradle --write-verification-metadata sha256 && git diff --color=always && exit 1)

34
hashes.json Normal file
View file

@ -0,0 +1,34 @@
{
"aarch64-unknown-linux-gnu": {
"jar": "802529c1472f7e621cca496c918d7bfec08314572f10e168b0d20b15a5b8101a",
"module": "48e315037d2d9af6c7cf7b811d9a81d81b1eff13cbb1837b7638a3803b68f303"
},
"arm-unknown-linux-gnueabi": {
"jar": "8ef66fe1ae28fe7b2918292824ef33a41a3432c3a981cfa55665106c89348327",
"module": "7c988dfb2fca57ff0aabd7bd88ebfa5658be8722adb0831a5140aed3d1529097"
},
"arm-unknown-linux-gnueabihf": {
"jar": "446a796b0a2a062c65d9d5cb75a3fd4aadc03ab321b52c39a5bfe1e6f9dc9891",
"module": "30e6a82cc6d2b01b57b758d8352c9d90926f31becfe6218c43d2614a309c9cbc"
},
"armv7-unknown-linux-gnueabihf": {
"jar": "3e896a52cf5816387094137403c112353de93f4b7591bcfc5965e89ef3777c5b",
"module": "39be083718c6b8afe94e2ccff63c918ea1255292881afbb60b12236cd4b70dc6"
},
"x86_64-unknown-linux-gnu": {
"jar": "b38295eb11df91939b872f49eb8b55b2faf7933da92202b95d82320f4cdcb644",
"module": "1b739335cde181864882481f5feca8fca3f7baa439f79c36ac596a781e6d4477"
},
"x86_64-apple-darwin": {
"jar": "949a72b14d81389a30e330db3162f822a475d0f19087590f334639acdb01b4eb",
"module": "7de5da969225585d36d68ba7a87c80d33886e36a04dea9d78ef8c2df9f6a3bf2"
},
"aarch64-apple-darwin": {
"jar": "e7f405b1c521054bbea8ec0ff87c54527f17e8c914079d7805c4def3589e8af1",
"module": "3c153a7e01ae317280981e387d3fd002b7106ce65653be1b6e4216a4f4d9d314"
},
"x86_64-unknown-linux-musl": {
"jar": "9a46edb376089b6284cbc76c4e6bc21fa91f8ee7e3daf221d704243cfe0c16cf",
"module": "a35abf78dc674557ddc7da348d5eb2d015b4e843d5402df95922ba2780b36169"
}
}

View file

@ -1,27 +1,38 @@
From 9c663c86765a9a0b2950ae8850bffc9fe4abe335 Mon Sep 17 00:00:00 2001
From: finn <finn@janky.solutions>
Date: Thu, 18 Nov 2021 18:55:31 -0800
Subject: [PATCH] update gradle files
From c51057ae26118490176af0b2421f8fa62d926c00 Mon Sep 17 00:00:00 2001
From: signald <nobody@signald.org>
Date: Thu, 16 Jun 2022 13:04:00 -0700
Subject: [PATCH] update build files and provide a way for the websocket
receive callback to indicate the message was not saved
---
build.gradle | 10 +---------
build.gradle | 17 +++--------------
dependencies.gradle | 3 +--
service/build.gradle | 21 ++++++++++-----------
settings.gradle | 2 +-
4 files changed, 13 insertions(+), 23 deletions(-)
gradle/verification-metadata.xml | 13 ++++++++-----
service/build.gradle | 19 +++++++++----------
.../signalservice/api/NotSavedException.java | 4 ++++
.../signalservice/api/SignalWebSocket.java | 13 ++++++++++---
settings.gradle | 1 -
7 files changed, 35 insertions(+), 35 deletions(-)
create mode 100644 service/src/main/java/org/whispersystems/signalservice/api/NotSavedException.java
diff --git a/build.gradle b/build.gradle
index 5a4cded..a1d8d70 100644
index 2498bfcb..81f7038d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,5 +1,6 @@
buildscript {
repositories {
+ maven {url "https://gitlab.com/api/v4/groups/6853927/-/packages/maven"} // https://gitlab.com/groups/signald/-/packages
google()
mavenCentral()
@@ -9,11 +9,8 @@ buildscript {
}
@@ -23,15 +24,6 @@ def getRepositoryPassword() {
}
-plugins {
- id("io.github.gradle-nexus.publish-plugin") version "1.1.0"
-}
-project.group = "com.github.turasa"
+project.group = "org.signald"
def getRepositoryUsername() {
return hasProperty('whisperSonatypeUsername') ? whisperSonatypeUsername : ""
@@ -23,18 +20,10 @@ def getRepositoryPassword() {
return hasProperty('whisperSonatypePassword') ? whisperSonatypePassword : ""
}
@ -33,29 +44,66 @@ index 5a4cded..a1d8d70 100644
- }
- }
-}
-
subprojects {
ext.lib_signal_service_version_number = "2.15.3_unofficial_34"
ext.lib_signal_service_group_info = "com.github.turasa"
- ext.lib_signal_service_version_number = "2.15.3_unofficial_50"
- ext.lib_signal_service_group_info = "com.github.turasa"
+ ext.lib_signal_service_version_number = "2.15.3_unofficial_50_signald_2"
+ ext.lib_signal_service_group_info = "org.signald"
if (JavaVersion.current().isJava8Compatible()) {
allprojects {
diff --git a/dependencies.gradle b/dependencies.gradle
index c1288ca..fc83d0f 100644
index e4b9f8a8..20e0d2f2 100644
--- a/dependencies.gradle
+++ b/dependencies.gradle
@@ -8,8 +8,7 @@ dependencyResolutionManagement {
alias('google-libphonenumber').to('com.googlecode.libphonenumber:libphonenumber:8.12.33')
alias('google-libphonenumber').to('com.googlecode.libphonenumber:libphonenumber:8.12.48')
// 1st Party
- alias('signal-client-java').to('org.whispersystems', 'signal-client-java').versionRef('signal-client')
- alias('signal-client-android').to('org.whispersystems', 'signal-client-android').versionRef('signal-client')
+ alias('signal-client-java').to('org.whispersystems', 'signal-client-java-' + System.getenv("TARGET")).versionRef('signal-client')
- alias('libsignal-client').to('org.signal', 'libsignal-client').versionRef('libsignal-client')
- alias('libsignal-android').to('org.signal', 'libsignal-android').versionRef('libsignal-client')
+ alias('libsignal-client').to('org.signald', 'libsignal-client-' + System.getenv("TARGET")).versionRef('libsignal-client')
// Third Party
alias('jackson-core').to('com.fasterxml.jackson.core:jackson-databind:2.9.9.2')
alias('jackson-core').to('com.fasterxml.jackson.core:jackson-databind:2.13.0')
diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml
index fc39d024..59fde59c 100644
--- a/gradle/verification-metadata.xml
+++ b/gradle/verification-metadata.xml
@@ -482,6 +482,9 @@
<artifact name="protoc-3.18.0-linux-x86_64.exe">
<sha256 value="e977a0b300a3b0c7c0135a02b8a4d746081e1cd8946ea747e0247412535692fe" origin="Generated by Gradle"/>
</artifact>
+ <artifact name="protoc-3.18.0-osx-x86_64.exe">
+ <sha256 value="956241e25cac149cf8d01d4f9125f2913b3bc471deea6856231367cdf4be71a4" origin="Generated by Gradle"/>
+ </artifact>
</component>
<component group="com.google.testing.platform" name="core-proto" version="0.0.8-alpha04">
<artifact name="core-proto-0.0.8-alpha04.jar">
@@ -1133,12 +1136,12 @@
<sha256 value="95510c70f1bf0fd65ddc1f39fbf7a42d75d8a064dc3a2cbe52496fa2f2c535f0" origin="Generated by Gradle"/>
</artifact>
</component>
- <component group="org.signal" name="libsignal-client" version="0.17.0">
- <artifact name="libsignal-client-0.17.0.jar">
- <sha256 value="3611dc9425d7ef85daedbafa49fa67f49e921bf89e36f601d0b79b1268315619" origin="Generated by Gradle"/>
+ <component group="org.signald" name="libsignal-client-{TARGET}" version="0.17.0">
+ <artifact name="libsignal-client-{TARGET}-0.17.0.jar">
+ <sha256 value="{TARGET_JAR_SHA256}" origin="Generated by Gradle"/>
</artifact>
- <artifact name="libsignal-client-0.17.0.module">
- <sha256 value="cc6125c6e30421eb39a115576371a41f0adde7ea501e99d2c74192264e6fb1ab" origin="Generated by Gradle"/>
+ <artifact name="libsignal-client-{TARGET}-0.17.0.module">
+ <sha256 value="{TARGET_MODULE_SHA256}" origin="Generated by Gradle"/>
</artifact>
</component>
<component group="org.tensorflow" name="tensorflow-lite-metadata" version="0.1.0-rc2">
diff --git a/service/build.gradle b/service/build.gradle
index 98377c1..ca5a4c0 100644
index ae4df43a..4b0240d8 100644
--- a/service/build.gradle
+++ b/service/build.gradle
@@ -23,6 +23,7 @@ compileJava {
@@ -21,6 +21,7 @@ compileJava {
}
repositories {
@ -63,18 +111,16 @@ index 98377c1..ca5a4c0 100644
mavenCentral()
mavenLocal()
}
@@ -103,8 +104,8 @@ def getRepositoryPassword() {
@@ -98,7 +99,7 @@ def getRepositoryPassword() {
publishing {
publications {
- mavenJava(MavenPublication) {
mavenJava(MavenPublication) {
- artifactId = 'signal-service-java'
+ library(MavenPublication) {
+ artifactId = 'signal-service-java-' + System.getenv("TARGET")
from components.java
pom {
@@ -145,16 +146,14 @@ publishing {
@@ -139,16 +140,14 @@ publishing {
repositories {
maven {
@ -98,18 +144,69 @@ index 98377c1..ca5a4c0 100644
- required { isReleaseBuild() && gradle.taskGraph.hasTask("uploadArchives") }
- sign publishing.publications.mavenJava
-}
diff --git a/service/src/main/java/org/whispersystems/signalservice/api/NotSavedException.java b/service/src/main/java/org/whispersystems/signalservice/api/NotSavedException.java
new file mode 100644
index 00000000..05d77d1f
--- /dev/null
+++ b/service/src/main/java/org/whispersystems/signalservice/api/NotSavedException.java
@@ -0,0 +1,4 @@
+package org.whispersystems.signalservice.api;
+
+public class NotSavedException extends Exception {
+}
diff --git a/service/src/main/java/org/whispersystems/signalservice/api/SignalWebSocket.java b/service/src/main/java/org/whispersystems/signalservice/api/SignalWebSocket.java
index 5a98f3c4..dff24940 100644
--- a/service/src/main/java/org/whispersystems/signalservice/api/SignalWebSocket.java
+++ b/service/src/main/java/org/whispersystems/signalservice/api/SignalWebSocket.java
@@ -243,6 +243,7 @@ public final class SignalWebSocket {
while (true) {
WebSocketRequestMessage request = getWebSocket().readRequest(timeout);
WebSocketResponseMessage response = createWebSocketResponse(request);
+ boolean sendResponse = true; // indicates the acknowledgement should be sent to the server
try {
if (isSignalServiceEnvelope(request)) {
Optional<String> timestampHeader = findHeader(request);
@@ -258,13 +259,19 @@ public final class SignalWebSocket {
SignalServiceEnvelope envelope = new SignalServiceEnvelope(request.getBody().toByteArray(), timestamp);
- callback.onMessage(envelope);
+ try {
+ callback.onMessage(envelope);
+ } catch (NotSavedException e) {
+ sendResponse = false;
+ }
return Optional.of(envelope);
} else if (isSocketEmptyRequest(request)) {
return Optional.empty();
}
} finally {
- getWebSocket().sendResponse(response);
+ if(sendResponse) {
+ getWebSocket().sendResponse(response);
+ }
}
}
}
@@ -315,6 +322,6 @@ public final class SignalWebSocket {
* received.
*/
public interface MessageReceivedCallback {
- void onMessage(SignalServiceEnvelope envelope);
+ void onMessage(SignalServiceEnvelope envelope) throws NotSavedException;
}
}
diff --git a/settings.gradle b/settings.gradle
index 8861c00..c180376 100644
index 8861c008..8dd03423 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -1,6 +1,6 @@
@@ -1,6 +1,5 @@
enableFeaturePreview('VERSION_CATALOGS')
-include ':android'
+
include 'libsignal-service'
project(':libsignal-service').projectDir = file('service')
--
2.20.1
2.30.2

31
update-hashes.py Normal file
View file

@ -0,0 +1,31 @@
#!/usr/bin/env python3
import requests
import hashlib
import json
VERSION = "0.17.0"
TARGETS = [
"aarch64-unknown-linux-gnu",
"arm-unknown-linux-gnueabi",
"arm-unknown-linux-gnueabihf",
"armv7-unknown-linux-gnueabihf",
"x86_64-unknown-linux-gnu",
"x86_64-apple-darwin",
"x86_64-unknown-linux-musl",
"aarch64-apple-darwin"
]
urlFormat = "https://gitlab.com/api/v4/groups/6853927/-/packages/maven/org/signald/libsignal-client-{target}/{version}/libsignal-client-{target}-{version}.{ext}"
output = {}
for target in TARGETS:
output[target] = {}
for ext in ["jar", "module"]:
url = urlFormat.format(target=target, version=VERSION, ext=ext)
print("fetching {}".format(url))
r = requests.get(url, allow_redirects=True)
r.raise_for_status()
output[target][ext] = hashlib.sha256(r.content).hexdigest()
with open('hashes.json', 'w') as f:
json.dump(output, f, indent=4)

38
update-kbs-settings.patch Normal file
View file

@ -0,0 +1,38 @@
From d432b9234521947d7bb07434f69a30b407700f5c Mon Sep 17 00:00:00 2001
From: Greyson Parrelli <greyson@signal.org>
Date: Thu, 20 Oct 2022 13:12:27 -0400
Subject: [PATCH 2/2] [Signal-Android] Updated KBS settings.
9941ffe79c2508eb9b1f1fa78b47b84c465d1199
---
.../internal/contacts/crypto/RemoteAttestationCipher.java | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/service/src/main/java/org/whispersystems/signalservice/internal/contacts/crypto/RemoteAttestationCipher.java b/service/src/main/java/org/whispersystems/signalservice/internal/contacts/crypto/RemoteAttestationCipher.java
index 05073edf..32e86c70 100644
--- a/service/src/main/java/org/whispersystems/signalservice/internal/contacts/crypto/RemoteAttestationCipher.java
+++ b/service/src/main/java/org/whispersystems/signalservice/internal/contacts/crypto/RemoteAttestationCipher.java
@@ -24,6 +24,11 @@ import java.util.Set;
public final class RemoteAttestationCipher {
+ private static final Set<String> ALLOWED_ADVISORIES = new HashSet<String>() {{
+ add("INTEL-SA-00334");
+ add("INTEL-SA-00615");
+ }};
+
private RemoteAttestationCipher() {
}
@@ -100,7 +105,7 @@ public final class RemoteAttestationCipher {
if ("OK".equals(entity.getIsvEnclaveQuoteStatus())) {
return true;
} else if ("SW_HARDENING_NEEDED".equals(entity.getIsvEnclaveQuoteStatus())) {
- return entity.getAdvisoryIds().length == 1 && "INTEL-SA-00334".equals(entity.getAdvisoryIds()[0]);
+ return Arrays.stream(entity.getAdvisoryIds()).allMatch(ALLOWED_ADVISORIES::contains);
} else {
return false;
}
--
2.30.2

View file

@ -0,0 +1,20 @@
#!/usr/bin/env python3
import os
import json
filename = "gradle/verification-metadata.xml"
with open('../hashes.json') as f:
hashes = json.load(f)
target = os.getenv("TARGET")
if target not in hashes:
raise Exception("Target {} not in known hashes, please update the python script".format(os.getenv("TARGET")))
with open(filename) as f:
template = f.read()
output = template.format(TARGET=target, TARGET_JAR_SHA256=hashes[target]["jar"], TARGET_MODULE_SHA256=hashes[target]["module"])
with open(filename, 'w') as f:
f.write(output)